Chapter 11 Management
IES4005M User’s Guide
101
11.8.2 Command Examples
This example displays how to set the authentication methods for login first to use RADIUS server
and second to use the IES’s local database. Then it displays the current authentication method
settings.
aaa authorization privilege
<privilege> <mode>
Sets the authorization mode for the specified command privilege
level. Every command belongs to a privilege. Authorization happens
when a user executes a command matching the specified privilege.
For example, to allow only one user “A” to use the VoIP SIP
commands, you can configure this system so all the VoIP SIP
commands require a specific privilege level (ex. 12) and set the
authorization method for this privilege level to tacacs+. Then you set
the command shell set configured in the TACACS+ server to only give
user “A” access to VoIP SIP commands.
privilege: 1-14
mode: 1-5
1: none: to have no authorization
2: local: to have the system use its local database. This is the default
value.
3: tacacs+: to have the system use a remote TACACS+ server.
4: tacacs+ then none: to have the system use a remote TACACS+
server and if the TACACS+ server does not respond, the system has
no authorization
.
5: tacacs+ then local: to have the system use remote TACACS+
server and if the TACACS+ server does not respond, use its local
database
.
C13
show aaa authorization Displays authorization method and privilege mappings. E 3
no aaa authorization Resets the authorization mode and privilege mappings to the defaults. C 13
Table 69 aaa command summary (continued)
Command Description M P
sysname# configure
sysname(config)# aaa authentication login radius local
sysname(config)# exit
sysname# show aaa authentication
login type method :
method1 method2 method3
------- ------- -------
radius local
enable type method :
method1 method2
------- -------
local
To Next Page
Loading...
